CVE-2024-1580 MEDIUM

CVE-2024-1580: Integer overflow in VideoLAN dav1d

Vendor Videolan
Product dav1d
Weakness CWE-190
Published February 19, 2024
Last update February 13, 2025

CVSS base score

5.9/10
Attack vector Adjacent
Attack complexity High
Privileges required Low
User interaction None
Confidentiality Low
Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L

What the vulnerability does

01 Description

An integer overflow in the dav1d AV1 decoder can occur when decoding videos with a large frame size. This can lead to memory corruption within the AV1 decoder. We recommend upgrading past version 1.4.0 of dav1d.

Key dates

02 Disclosure timeline

February 19, 2024 CVE published
February 13, 2025 Record updated